1.1 Flashcards

Social Engineering

1
Q

Phishing

A

Phishing attacks are fraudulent emails, text messages, phone calls or websites designed to trick users into downloading malware, sharing sensitive information or personal data.

2
Q

Smishing

A

Smishing is a type of phishing attack that involves the use of text messages (SMS or MMS) to deceive individuals into providing sensitive information or taking certain actions. The term “smishing” is a combination of “SMS” (Short Message Service) and “phishing.”

3
Q

Vishing

A

Vishing, short for “voice phishing,” is a type of social engineering attack in which an attacker uses phone calls to trick individuals into providing sensitive information or taking certain actions. Vishing is similar to phishing but involves voice communication instead of electronic messages.

4
Q

Spam

A

Spam refers to unwanted or unsolicited messages, commonly seen in the form of mass-distributed emails, online forum posts, or instant messages. Whether for advertising, phishing, or other malicious purposes, spam is characterized by its unsolicited nature and the intent to reach a broad audience.

5
Q

SPIM

A

“Spim” is a term used to describe unsolicited instant messages, similar to email spam but occurring in the context of instant messaging (IM) platforms. Just as email spam involves the mass distribution of unwanted emails, spim involves the sending of unwanted messages through instant messaging systems.

6
Q

Spear Phishing

A

“Spear phishing” is a type of phishing campaign that targets a specific person or group and often will include information known to be of interest to the target, such as current events or financial documents.

7
Q

Dumpster Diving

A

Dumpster diving is a cyberattack where the attacker gets their hands on sensitive documents or data you carelessly threw into the trash bin. Yes, it sounds funny, but the potential damage is real.

8
Q

Shoulder Surfing

A

Shoulder surfing is a type of security threat in which an unauthorized person observes or spies on the activities of individuals, such as entering passwords, PINs, or other confidential information, by looking over their shoulders or from a distance.

9
Q

Pharming

A

Pharming is a cyber attack that involves the redirection of website traffic to fraudulent websites without the user’s knowledge. In a pharming attack, the attacker typically exploits vulnerabilities in the Domain Name System (DNS) or uses other methods to manipulate the resolution of domain names.

10
Q

Tailgating

A

In a tailgating attack, an attacker follows an unaware user to gain access to an area without authorization.

11
Q

Eliciting Information

A

Eliciting information refers to the process of extracting sensitive or confidential data from individuals through various means, often with the goal of exploiting that information for malicious purposes. This can involve social engineering techniques.

12
Q

Whaling

A

“Whaling” is a type of cyber attack that specifically targets high-profile individuals within an organization, such as executives, top-level management, or individuals with access to sensitive information.

13
Q

Prepending

A

“Prepending” in the context of cybersecurity typically refers to a technique where additional characters or data are added to the beginning of a string or file. In the broader sense of “cyber,” “prepending” could be used in various cybersecurity concepts.

14
Q

Identity Fraud

A

Identity fraud is a type of crime where an individual’s personal information is stolen and used for fraudulent purposes. This stolen information may include the person’s name, Social Security number, credit card details, or other sensitive data.

15
Q

Invoice Scam

A

An invoice scam is a type of fraud where scammers send fake invoices or bills to individuals or businesses with the intention of deceiving them into making payments for goods or services that were never received or were never legitimately contracted.

16
Q

Credential Harvesting

A

Credential harvesting, also known as credential harvesting attacks or password harvesting, is a type of cyber attack where malicious actors attempt to gather sensitive login credentials, such as usernames and passwords, from individuals. It is typically, but not always, carried out through phishing, malicious websites, email scams, or malware.

17
Q

Reconnaissance

A

Attackers gather information about a target system, network, or organization to identify vulnerabilities and plan their attack. Cyber reconnaissance is a crucial step for attackers as it helps them understand the target environment and increases the chances of a successful cyber attack.

18
Q

Hoax

A

Cyber hoaxes can take various forms and may involve the spread of false information through emails, social media, websites, or other online platforms. These hoaxes can range from harmless pranks to more malicious attempts to deceive or manipulate people.

19
Q

Impersonation

A

Impersonation in the context of cybersecurity refers to the act of pretending to be someone else, often with the intent to deceive, manipulate, or gain unauthorized access to sensitive information.

20
Q

Watering Hole Attack

A

A watering hole attack is a type of cyber attack in which attackers compromise a website that is frequently visited by the target individuals or groups. The goal is to infect the websites frequented by the target audience with malware, exploiting the trust users place in those sites.

21
Q

Typosquatting

A

Typosquatting, also known as URL hijacking or fake URL attacks, is a deceptive practice where attackers register domain names that closely resemble legitimate, well-known websites. The intent is to capitalize on users making typographical errors when entering a website’s URL into their browser. These malicious domain names may have slight misspellings, extra characters, or variations that can easily go unnoticed by users at first glance.

22
Q

Pretexting

A

Pretexting is a social engineering technique used in cyber attacks where an attacker creates a fabricated scenario or pretext to manipulate individuals into divulging sensitive information or performing certain actions.

23
Q

Influence Campaigns

A

Influence campaigns in the context of cybersecurity refer to orchestrated efforts, often with a political or ideological motive, to manipulate public opinion, sow discord, or achieve specific outcomes by leveraging online platforms and social media.

24
Q

Hybrid Warfare

A

Hybrid warfare, a blend of conventional and unconventional tactics like cyberattacks, disinformation, and economic pressure, poses a complex threat.

25
Q

Social Media

A

Social media influence campaigns refer to coordinated efforts by individuals, organizations, or state actors to shape public opinion, manipulate perceptions, or achieve specific goals through the strategic use of social media platforms.

26
Q

Principles (Reasons for Effectiveness):

A

Authority:
Pretending to be a figure of authority, such as a manager, IT personnel, or a trusted service provider, to gain trust and compliance from the target.

Intimidation:
Using threats, coercion, or fear tactics to manipulate individuals into divulging information or performing actions they wouldn’t under normal circumstances.

Consensus:
Leveraging the desire to conform by presenting fake evidence of others (fabricated consensus) complying with a request, making the target more likely to comply as well.

Scarcity:
Creating a sense of urgency or scarcity, such as claiming limited availability or an impending threat, to prompt the target to act hastily without proper verification.

Trust:
Establishing trust by impersonating a trusted entity, using familiarity, or exploiting pre-existing relationships to manipulate individuals into providing sensitive information.

Urgency:
Creating a false sense of urgency to pressure individuals into making quick decisions without proper verification, leading to actions that benefit the social engineer.